slip-0039.md: use n for nonce
prusnak committed Jul 25, 2018
1 parent f8573bc commit de1189e
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions slip-0039.md
Expand Up @@ -37,16 +37,16 @@ The value to be encoded as the master secret must be a multiple of 8 bits. This

We propose the following format of the shares:

| nonce (N) | index (I) | threshold (M) | share (S) | checksum (C) |
| nonce (n) | index (I) | threshold (M) | share (S) | checksum (C) |
|-----------|------------|---------------|------------------|--------------|
| 20 bits | 5 bits | 5 bits | 130/200/260 bits | 30 bits |

* `nonce` field is a random 20-bit identifier which is the same for all shares and it's used for detection whether the shares belong together, it's also later as salt in key derivation functions
* `index` field corresponds to the SSS part's `x` value (see the diagram above)
* `threshold` field indicates how many shares are needed to reconstruct the secret
* `index` and `threshold` fields values are from range 1-31, value 0 is not considered valid
* `share` field is the corresponding SSS part's `y` value (see the diagram above) right-padded with zeroes to the nearest multiple of 10 bits
* `checksum` field is a Bech32 checksum (defined in BIP-0173) of the whole share (that is `N || I || M || S`), human-readable part (hrp) of Bech32 is "SLIP0039"
* `nonce (n)` field is a random 20-bit identifier which is the same for all shares and it's used for detection whether the shares belong together, it's also later as salt in key derivation functions
* `index (I)` field corresponds to the SSS part's `x` value (see the diagram above)
* `threshold (M)` field indicates how many shares are needed to reconstruct the secret
* `index (I)` and `threshold (M)` fields values are from range 1-31, value 0 is not considered valid
* `share (S)` field is the corresponding SSS part's `y` value (see the diagram above) right-padded with zeroes to the nearest multiple of 10 bits
* `checksum (C)` field is a Bech32 checksum (defined in BIP-0173) of the whole share (that is `n || I || M || S`), human-readable part (hrp) of Bech32 is "SLIP0039"

This structure is then converted into a mnemonic code by splitting it up by 10 bits which correspond as an index to the a word list containing exactly 1024 words (see below).
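
Review bot: the added `nonce (n)` bullet carries over the broken clause "it's also later as salt in key derivation functions", which is missing its verb; since the line is being rewritten anyway, change it to "it is also used later as salt in the key derivation function". The rename also leaves the field symbols in mixed case (`n` next to `I`, `M`, `S`, `C`) in both the table header and the checksum input `n || I || M || S`, and neither the commit message nor the text says why the nonce alone is lowercase, so a one-line note on the notation would help readers.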

Expand All @@ -72,7 +72,7 @@ Passphrase should contain only ASCII characters to achieve the best interoperabi

![passphrase](slip-0039/passphrase.png)

We will use `PBKDF2(PRF = HMAC-SHA256, Password = master_secret, Salt = ("SLIP0039" || passphrase || N), iterations = 20000, dkLen = 256 bits)` as the key derivation function. Value `N` is encoded as two words from the wordlist separated by exactly one space.
We will use `PBKDF2(PRF = HMAC-SHA256, Password = master_secret, Salt = ("SLIP0039" || passphrase || n), iterations = 20000, dkLen = 256 bits)` as the key derivation function. Nonce value `n` is encoded as two words from the wordlist separated by exactly one space.

We suggest to use the obtained seed as a master seed `S` for Hierarchical Deterministic Wallets described in BIP-0032.
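
Review bot: the salt in the added PBKDF2 line is written as `"SLIP0039" || passphrase || n` with `n` "encoded as two words from the wordlist separated by exactly one space", but no delimiter or length is given between `passphrase` and the first word of `n`, and the character encoding of the words is not stated, so independent implementations could build different salt bytes. Spell out the exact byte string here, including any separator and the encoding. The context line below also uses `S` for the master seed while the share format uses `S` for the share value, so one of the two symbols should be renamed while the notation is being touched.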
